Fact AIFact AI
Türkçe sürüm

Privacy Policy

Effective date: May 14, 2026 · Last updated: May 14, 2026

This Privacy Policy explains how Fact AI ("the App", "we", "us", "Fact AI") collects, uses, and protects your personal data when you use our mobile application and the services available at fact-ai.app.

Fact AI is a tool that helps you verify claims contained in social-media content (videos, images, posts) with the help of artificial intelligence. By using the service you accept this Privacy Policy.

1. Data Controller and Contact

Data Controller: Fact AI is operated by Erasis Tech, a technology company registered in Türkiye (Teknokent). Erasis Tech is the data controller responsible for the processing of your personal data.

Contact: For any questions, requests, or complaints regarding the processing of your personal data, please contact us at:

  • Email: support@fact-ai.app

We respond to requests received via this address within 30 days, in line with Article 13 of Turkey's KVKK and Article 12 of GDPR.

2. Data We Collect

2.1 Account Data

  • Your email address and password (the password is stored in irreversibly hashed form by our authentication provider Supabase; the plaintext password is never stored on our servers).
  • If you use Sign in with Apple or Sign in with Google, the opaque user identifier returned by the provider and, where you choose to share it, your email address. If you use Apple's "Hide My Email" feature you will share only a relay address.
  • Your language preference (TR/EN) and notification on/off state.
  • Monthly and total analysis counters (used to enforce usage quotas).

2.2 Analysis Data

When you use the core functionality of the App we process the following:

  • Social-media URLs you paste or share (Instagram, TikTok, YouTube, Twitter/X, LinkedIn, etc.).
  • Content metadata derived from that URL: thumbnail, title, caption, content ID, creator username.
  • Analysis output: AI-extracted claims, claim verdicts (true / mostly true / partial / unverified / false), supporting sources, accuracy score, red flags, topic category.
  • If you use the screenshot verification feature, we briefly process a copy of the image while the analysis runs; the original image is not retained on our servers after the analysis, only a low-resolution thumbnail is cached.

2.3 Engagement and Community Data

  • Analyses you bookmark.
  • Comments you post.
  • "Helpful" reactions you give to analyses.
  • Per-claim "agree / disagree" votes you cast.
  • Reports you submit about analyses (reason + optional note).
  • Content creators you follow.
  • Topics you express interest in (selected during onboarding and weighted over time).

2.4 Streak Data

We retain the dates on which you ran an analysis for the past 365 days in order to render a "heatmap" visualization. This data is removed when you delete your account.

2.5 Notification Data

To deliver push notifications we store your device's FCM (Firebase Cloud Messaging) token. Notification payloads include the related analysis ID and a short title/body.

2.6 Subscription Data

We track the validity of your Pro subscription through RevenueCat. Your payment details (credit card, etc.) are never transmitted to us; they are processed by the Apple App Store and Google Play.

2.7 Technical Data and Error Reports

  • Application crash and error reports, performance metrics (via Sentry).
  • Your IP address is truncated before being stored in error reports; we do not retain your full IP.
  • Device type (iOS/Android), app version, OS version.
  • Coarse access logs for API requests (timestamp, endpoint, HTTP status — no personal content).

3. How We Use Your Data

PurposeLegal basis (GDPR / KVKK)
Providing the service (running fact-check analyses)Performance of a contract
Creating and managing your accountPerformance of a contract
Sending notifications (e.g. analysis ready — opt-in)Consent (revocable via Settings)
Debugging and improving service quality (Sentry)Legitimate interest
Verifying subscription status (RevenueCat)Performance of a contract
Anonymous aggregate statistics (most-debunked claims, popular topics, etc. — no personal data)Legitimate interest
Detecting and preventing abuse (rate limiting, spam, scraping)Legitimate interest

4. Third-Party Service Providers

To operate the service we share a limited set of data with the following third-party providers. Each provider processes data only for the purposes described in their own privacy policy.

ProviderShared dataPurposePolicy
SupabaseEmail, hashed password, authentication sessionAccount creation, sign-in, password resetsupabase.com/privacy
Google Gemini APISocial-media content (video/image) and metadata fetched for analysisInspection of the content by the AI model to extract claims. On Google's paid API tier the data we send is not used by Google to train its models.policies.google.com/privacy
Anthropic Claude APIClaim text and verification contextCross-verification of a claim with a second, independent AI model. (Integration is planned; the effective date of this policy will be updated when it is enabled.)anthropic.com/privacy
Firebase Cloud Messaging (Google)FCM device token, notification payloadSending the "analysis ready" push notificationfirebase.google.com/support/privacy
SentryStack traces, device/app metadata, truncated IPError tracking and performance monitoring. Personally identifiable information is filtered.sentry.io/privacy
RevenueCatAnonymized user ID, subscription state, purchase receiptPro subscription managementrevenuecat.com/privacy
Apple Sign in with AppleApple opaque user ID, optional name/emailApple sign-inapple.com/legal/privacy
Google Sign InGoogle account ID, email, profile picture (if available)Google sign-inpolicies.google.com/privacy
Apple App Store / Google PlayPayment information (card, subscription state)Purchase and billing of Pro subscriptions. Payment data is not shared with us.Apple and Google's own policies apply.
Hetzner Cloud (hosting)Servers located in Germany / EU on which all app data is hostedDatabase, API, and file hosting. Our servers are located within the EU.hetzner.com/legal/privacy-policy
Important note: Our service providers may change over time. When material changes occur we will update this policy and display an in-app notice.

5. International Data Transfers

Our primary database servers are located within the EU (Germany). However, some of our providers — including Google (Gemini, Firebase), Anthropic, Sentry, RevenueCat, and Supabase — may operate processing infrastructure outside of the EU, in particular in the United States. Such transfers are performed under the European Commission's standard contractual clauses (SCCs) or an adequacy decision applicable to the relevant provider.

6. Data Retention

  • Account data and analyses: Kept as long as your account is active. When you delete your account (Settings → Delete account) all related data (analyses, comments, votes, bookmarks, follows, streak, push token) is removed at the database level via CASCADE deletion immediately.
  • Sentry error logs: Automatically deleted after 30 days.
  • API access logs: 30 days.
  • Database backups: Retained for 7 days for disaster recovery, then automatically deleted.
  • Thumbnail disk cache: Cleared when the analysis is deleted, or after 90 days of inactivity.

7. Your Rights (GDPR and KVKK)

Under applicable data-protection legislation you have the following rights:

  • Right of access: Find out what data we hold about you.
  • Right to rectification: Ask us to correct inaccurate or incomplete data.
  • Right to erasure (the "right to be forgotten"): Delete your account directly from the app (Settings → Delete account). This action is irreversible.
  • Right to restriction of processing.
  • Right to data portability: Request an export of your data in a machine-readable JSON format (this feature will be added to the app soon; in the meantime you may request the export by email).
  • Right to object to processing based on legitimate interest.
  • Right to withdraw consent at any time (notifications, etc.).
  • Right to lodge a complaint with a supervisory authority: In Turkey, the Personal Data Protection Authority (KVKK — kvkk.gov.tr); in the EU, the data-protection authority of your Member State.

8. Data Security

We apply industry-standard measures to keep your data secure:

  • All client-server traffic is encrypted with TLS 1.2+ (HTTPS only).
  • Passwords are hashed with Supabase Auth's bcrypt-based algorithm.
  • The database runs on a private network with restricted access.
  • API endpoints enforce rate-limits and authentication.

That said, no transmission over the Internet can be guaranteed to be 100% secure. You also share responsibility for the security of your account (don't share your password, use a strong one).

9. Children's Privacy

Fact AI is not intended for users under the age of 13 and we do not knowingly collect data from them. The app is age-rated 13+ in line with Apple App Store and Google Play guidelines. If we become aware that a child under 13 has provided us with data, we will take steps to delete it immediately.

10. Anonymous Aggregate Statistics

Public aggregates such as "most-debunked claims", "popular topics", and "trending creators" are processed and published in a form that does not identify individual users.

11. Cookies

The mobile app does not use cookies. The fact-ai.app web domain uses a limited set of cookies strictly for essential functionality (session, language); we do not use tracking or advertising cookies.

12. Changes to This Policy

We may update this policy from time to time. For material changes we will notify you via an in-app banner or notification. The effective date is shown at the top of the page. We recommend reviewing this policy periodically.


Fact AI · support@fact-ai.app · Terms of Service